
Six Memorable Sessions with Government DevSecOp Leaders: What We Learned

The afternoon of May 6th made clear that the time for DevSecOps is now across the federal government. An audience of over 500 attendees across the public sector joined together online to connect with five government DevSecOps pathfinders and one notorious white hat hacker. These sessions are now recorded and available on-demand. Why bring all these government technology leaders together? To provide a practical roadmap on how to successfully integrate security into DevOps and digital transformations — straight from the agencies and innovators who’ve done it.

The forum consisted of four keynote sessions and two fireside chats. Here are takeaways from each session:

Chris Roberts, adversarial researcher and white hat hacker, kicked off the program with an unfiltered perspective on the state of information security. He says one of the issues we have in our industry is that we don’t have a good handle on the severity of our breaches. We keep pushing information to the cloud. As security people, we have a moral obligation to try to protect others. How do we protect data and other sensitive information? He suggests the following:

  • We fix the basics. Too many times we go into organizations where they don’t have an SDLC in place. Learn from mature organizations. 
  • We build security throughout the entire process. Security and safety are built from the get-go. Put deception technology throughout the entire life cycle to test its resilience.
  • We share DevSecOps strategies and collaborate. Start sharing information and intelligence faster by speaking other people’s languages. Take complicated things and put them into plain, simple terms and common language.

Ron Ross, NIST Fellow and DevSecOps evangelist, could not have been better suited to follow Chris. Ron began with a metaphor for cybersecurity: above the waterline and below the waterline is where the (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Jason Green. Read the original post at: https://blog.sonatype.com/six-memorable-sessions-with-government-devsecop-leaders-what-we-learned
